diff options
| author | Ed Maste <emaste@FreeBSD.org> | 2023-08-10 16:16:53 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2023-08-10 16:16:53 +0000 |
| commit | 78f30535bcdb64cf743b416327ecb0f00e25b2aa (patch) | |
| tree | 6a7ed1da4073532874ed6bbd2ed553eed285e39c /.github | |
| parent | e524ba4db420aa72d11792aa317da381eb32fcce (diff) | |
Diffstat (limited to '.github')
| -rw-r--r-- | .github/ci-status.md | 6 | ||||
| -rwxr-xr-x | .github/configs | 45 | ||||
| -rwxr-xr-x | .github/setup_ci.sh | 17 | ||||
| -rw-r--r-- | .github/workflows/c-cpp.yml | 26 | ||||
| -rw-r--r-- | .github/workflows/selfhosted.yml | 2 |
5 files changed, 70 insertions, 26 deletions
diff --git a/.github/ci-status.md b/.github/ci-status.md index c57c3d83d11a..f3e088fd6043 100644 --- a/.github/ci-status.md +++ b/.github/ci-status.md @@ -6,6 +6,6 @@ master : [](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) [](https://scan.coverity.com/projects/openssh-portable) -9.2 : -[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_2) -[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_2) +9.3 : +[](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_3) +[](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_3) diff --git a/.github/configs b/.github/configs index 8f21fc54a268..e054eb3196b5 100755 --- a/.github/configs +++ b/.github/configs @@ -81,7 +81,8 @@ case "$config" in CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer" LDFLAGS="-fsanitize=memory" CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -DMSAN_OPTIONS=\"log_path='$SANLOGS'/msan.log\"' - CONFIGFLAGS="--without-openssl --without-zlib --without-shadow" + CONFIGFLAGS="--without-zlib --without-shadow" + LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET="t-exec" ;; *-sanitize-undefined) @@ -139,6 +140,10 @@ case "$config" in CONFIGFLAGS="--with-pam" SSHD_CONFOPTS="UsePam yes" ;; + boringssl) + CONFIGFLAGS="--disable-pkcs11" + LIBCRYPTOFLAGS="--with-ssl-dir=/opt/boringssl --with-rpath=-Wl,-rpath," + ;; libressl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath," ;; @@ -209,13 +214,15 @@ esac # The Solaris 64bit targets are special since they need a non-flag arg. case "$config" in sol64*) - CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}" - LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64" + CONFIGFLAGS="--target=x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}" + LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64 --with-rpath=-Wl,-rpath," ;; esac case "${TARGET_HOST}" in aix*) + CONFIGFLAGS="--disable-security-key" + LIBCRYPTOFLAGS="--without-openssl" # These are slow real or virtual machines so skip the slowest tests # (which tend to be thw ones that transfer lots of data) so that the # test run does not time out. @@ -240,7 +247,8 @@ case "${TARGET_HOST}" in SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace" ;; minix3) - LIBCRYPTOFLAGS="--without-openssl --disable-security-key" + CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key" + LIBCRYPTOFLAGS="--without-openssl" # Minix does not have a loopback interface so we have to skip any # test that relies on one. # Also, Minix seems to be very limited in the number of select() @@ -264,7 +272,8 @@ case "${TARGET_HOST}" in CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key" ;; openwrt-*) - CONFIGFLAGS="${CONFIGFLAGS} --without-openssl --without-zlib" + CONFIGFLAGS="${CONFIGFLAGS} --without-zlib" + LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET="t-exec" ;; sol10|sol11) @@ -278,7 +287,8 @@ case "${TARGET_HOST}" in ;; esac -case "`./config.guess`" in +host=`./config.guess` +case "$host" in *cygwin) SUDO="" # Don't run compat tests on cygwin as they don't currently compile. @@ -289,17 +299,34 @@ case "`./config.guess`" in # modern versions don't ship with libcrypto. LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec + case "$host" in + *-darwin22.*) + # sudo -S nobody doesn't work on macos 13 for some reason. + SKIP_LTESTS="agent-getpeereid" ;; + esac ;; esac -# If we have a local openssl/libressl, use that. +# Unless specifically configured, search for a suitable version of OpenSSL, +# otherwise build without it. if [ -z "${LIBCRYPTOFLAGS}" ]; then + LIBCRYPTOFLAGS="--without-openssl" # last-match - for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do + for i in /usr /usr/local /usr/local/ssl /usr/local/opt/openssl; do + ver="none" if [ -x ${i}/bin/openssl ]; then - LIBCRYPTOFLAGS="--with-ssl-dir=${i}" + ver="$(${i}/bin/openssl version)" fi + case "$ver" in + none) ;; + "OpenSSL 0."*|"OpenSSL 1.0."*|"OpenSSL 1.1.0"*) ;; + "LibreSSL 2."*|"LibreSSL 3.0."*) ;; + *) LIBCRYPTOFLAGS="--with-ssl-dir=${i}" ;; + esac done + if [ "${LIBCRYPTOFLAGS}" = "--without-openssl" ]; then + TEST_TARGET="t-exec" + fi fi CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}" diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh index 691c70dd7ed6..154f51bdc205 100755 --- a/.github/setup_ci.sh +++ b/.github/setup_ci.sh @@ -4,7 +4,9 @@ PACKAGES="" . .github/configs $@ -case "`./config.guess`" in +host=`./config.guess` +echo "config.guess: $host" +case "$host" in *cygwin) PACKAGER=setup echo Setting CYGWIN system environment variable. @@ -124,6 +126,10 @@ for TARGET in $TARGETS; do esac PACKAGES="${PACKAGES} putty-tools" ;; + boringssl) + INSTALL_BORINGSSL=1 + PACKAGES="${PACKAGES} cmake ninja-build" + ;; valgrind*) PACKAGES="$PACKAGES valgrind" ;; @@ -199,3 +205,12 @@ if [ ! -z "${INSTALL_LIBRESSL}" ]; then ./configure --prefix=/opt/libressl && make -j2 && sudo make install) fi fi + +if [ ! -z "${INSTALL_BORINGSSL}" ]; then + (cd ${HOME} && git clone https://boringssl.googlesource.com/boringssl && + cd ${HOME}/boringssl && mkdir build && cd build && + cmake -GNinja -DCMAKE_POSITION_INDEPENDENT_CODE=ON .. && ninja && + mkdir -p /opt/boringssl/lib && + cp ${HOME}/boringssl/build/crypto/libcrypto.a /opt/boringssl/lib && + cp -r ${HOME}/boringssl/include /opt/boringssl) +fi diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index f3163884a037..e4e2a64e05d2 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml @@ -13,7 +13,14 @@ jobs: fail-fast: false matrix: # First we test all OSes in the default configuration. - target: [ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022] + target: + - ubuntu-20.04 + - ubuntu-22.04 + - macos-11 + - macos-12 + - macos-13 + - windows-2019 + - windows-2022 config: [default] # Then we include any extra configs we want to test for specific VMs. # Valgrind slows things down quite a bit, so start them first. @@ -43,33 +50,27 @@ jobs: - { target: ubuntu-20.04, config: gcc-11-Werror } - { target: ubuntu-20.04, config: pam } - { target: ubuntu-20.04, config: kitchensink } - - { target: ubuntu-20.04, config: hardenedmalloc } + - { target: ubuntu-22.04, config: hardenedmalloc } - { target: ubuntu-20.04, config: tcmalloc } - { target: ubuntu-20.04, config: musl } + - { target: ubuntu-latest, config: boringssl } - { target: ubuntu-latest, config: libressl-master } - - { target: ubuntu-latest, config: libressl-2.2.9 } - - { target: ubuntu-latest, config: libressl-2.8.3 } - - { target: ubuntu-latest, config: libressl-3.0.2 } - { target: ubuntu-latest, config: libressl-3.2.6 } - { target: ubuntu-latest, config: libressl-3.3.6 } - { target: ubuntu-latest, config: libressl-3.4.3 } - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - - { target: ubuntu-latest, config: libressl-3.7.0 } + - { target: ubuntu-latest, config: libressl-3.7.2 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - - { target: ubuntu-latest, config: openssl-1.0.1 } - - { target: ubuntu-latest, config: openssl-1.0.1u } - - { target: ubuntu-latest, config: openssl-1.0.2u } - - { target: ubuntu-latest, config: openssl-1.1.0h } - { target: ubuntu-latest, config: openssl-1.1.1 } - { target: ubuntu-latest, config: openssl-1.1.1k } - { target: ubuntu-latest, config: openssl-1.1.1n } - { target: ubuntu-latest, config: openssl-1.1.1q } - - { target: ubuntu-latest, config: openssl-1.1.1s } + - { target: ubuntu-latest, config: openssl-1.1.1t } - { target: ubuntu-latest, config: openssl-3.0.0 } - - { target: ubuntu-latest, config: openssl-3.0.5 } - { target: ubuntu-latest, config: openssl-3.0.7 } + - { target: ubuntu-latest, config: openssl-3.1.0 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch - { target: ubuntu-22.04, config: pam } @@ -82,6 +83,7 @@ jobs: - { target: ubuntu-22.04, config: without-openssl } - { target: macos-11, config: pam } - { target: macos-12, config: pam } + - { target: macos-13, config: pam } runs-on: ${{ matrix.target }} steps: - name: set cygwin git params diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml index d38cba520500..e84db699ea31 100644 --- a/.github/workflows/selfhosted.yml +++ b/.github/workflows/selfhosted.yml @@ -25,9 +25,9 @@ jobs: - debian-i386 - dfly30 - dfly48 - - dfly58 - dfly60 - dfly62 + - dfly64 - fbsd10 - fbsd12 - fbsd13 |